
We weren't surprised to see an expansion this week of the new wave of mail worms based on a newly-discovered vulnerability in IE. This week's top threat, Bofra.E, is the latest of these. In an ominous sign reminiscent of the Sobig worms that wreaked so much havoc early in 2003, it has an expiration date, indicating that newer and more virulent strains are on their way.

The new Mydoom worm, based on the same bug, is still a top threat according to McAfee's AVERT crew, but many of the other top threats are long-term, endemic problems, written over six months ago. Some people must like being infected with worms, because they can't be trying very hard to remove them. See the whole list in our Top Threats section.

The major new vulnerability announcement this week is in Cisco IOS version 12.2S on devices that have the DHCP (Dynamic Host Configuration Protocol) server or relay agent enabled. A specially-crafted DHCP packet can clog the input queue, causing a denial of service. And a bug in Microsoft ISA Server and Proxy Server could allow an attacker to trick the server into serving the wrong web page. Read about these and more in the Top 5 Vulnerabilities list.
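A defender-side check for the symptom that advisory describes, added here as an example (it is not from the newsletter or from Cisco): it scans `show interfaces` output for input queues that have filled to their maximum and stay there. The sample output is constructed, and the rule that a wedged queue shows as size equal to max is an assumption for illustration.

```python
import re

# Constructed sample of Cisco IOS "show interfaces" output; not captured from a real device.
SAMPLE_SHOW_INTERFACES = """\
FastEthernet0/0 is up, line protocol is up
  Input queue: 75/75/0/0 (size/max/drops/flushes); Total output drops: 0
FastEthernet0/1 is up, line protocol is up
  Input queue: 3/75/0/0 (size/max/drops/flushes); Total output drops: 0
"""

# Interface header lines start at column 0; the queue line is indented below them.
IFACE_RE = re.compile(r"^(\S+) is (up|down|administratively down)")
QUEUE_RE = re.compile(r"Input queue: (\d+)/(\d+)/(\d+)/(\d+)")


def find_wedged_input_queues(show_output):
    """Return [(interface, size, max)] for every interface whose input queue is full.

    A queue that sits at its maximum and never drains is the denial-of-service
    symptom described for the DHCP bug (assumption: the wedge is visible as
    size >= max in the "Input queue" counters).
    """
    wedged = []
    current = None
    for line in show_output.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        q = QUEUE_RE.search(line)
        if q and current:
            size, qmax = int(q.group(1)), int(q.group(2))
            if size >= qmax:
                wedged.append((current, size, qmax))
    return wedged


if __name__ == "__main__":
    for iface, size, qmax in find_wedged_input_queues(SAMPLE_SHOW_INTERFACES):
        print(f"{iface}: input queue wedged ({size}/{qmax})")
```

Run it against periodic captures of `show interfaces`; an interface that reports a full queue across several samples while traffic has not increased is worth correlating with DHCP activity on that segment.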

Christmas is coming and the phish are biting. This week's top phishing attack offers a Christmassy theme and looks like a contest to win a Mercedes. More like a contest to get your pocket picked.

Are you still using WEP (Wired Equivalent Privacy) to protect your wireless network? It's better than nothing, but not much better. Products based on WPA (Wi-Fi Protected Access) are widely available now, and this week's Security Tip talks about how it's time to migrate your wireless network over to them.

The highly-regarded open source Samba file and print sharing system was upgraded recently to fix a couple of bugs, one of which could allow attackers to execute programs on the server. Read more details in Security Alerts and Updates.

WPA networking is based on stronger encryption protocols, specifically AES and RC4. Find out what they are in this week's Jargon Watch. Plus: what is a "PE" file?